Problem setting up Nordvpn on asus RT-ac86u merlin [Noob]

Robson

New Around Here

Attachments

  • 1.png
    1.png
    125.5 KB · Views: 139
  • 2.png
    2.png
    96.9 KB · Views: 137
  • 3.png
    3.png
    102.8 KB · Views: 124
  • 4.png
    4.png
    110.7 KB · Views: 139

Viktor Jaep

Very Senior Member
Tried setting up Nordvpn on my roter using this guide https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm
It works for a while and then suddenly I lose internet.
If I set "connect to dns server automatically" to yes usually internet comes back but I lose my VPN.
Could someone take a look on my setting and let me know if anything is wrong from there?

Thanks
You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

 

ColinTaylor

Part of the Furniture
Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.
 

Robson

New Around Here
You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log
 
Last edited:

Robson

New Around Here
Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.
Thanks for your reply
I changed dns to cloudfare 1.1.1.1 and 1.0.0.1
going to give it a try
 

Viktor Jaep

Very Senior Member
Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log

Give this one a shot... it does seem to help with speed and stability:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 

Robson

New Around Here
Give this one a shot... it does seem to help with speed and stability:

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!
 

Viktor Jaep

Very Senior Member
I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!

Absolutely... I think @ColinTaylor's suggestion was probably the fix, but every little tweak helps in the overall scheme of things. ;)
 

Viktor Jaep

Very Senior Member
Would you mind sharing your reasoning regarding this?
Many times, VPN providers' DNS servers are meant to be accessed only while connected through their VPN, and may not even be usable or visible to the general public. So if you reference them in your WAN connection, you're basically making a public connection to them without accessing them through an encrypted tunnel, and may not be usable... thus breaking your ability to resolve anything, and hobbling your ability to function across the WAN.
 
Last edited:

ColinTaylor

Part of the Furniture
Would you mind sharing your reasoning regarding this?
In addition to @Viktor Jaep's post, the OP was using policy rules to redirect only one device through the VPN. The VPN provider instructions assume all devices are going through the VPN and the customer wants all these devices to use their DNS servers.
 

Dimmie

Occasional Visitor
Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.
 

RMerlin

Asuswrt-Merlin dev
Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.
I use NordVPN for my tests. I had a NordVPN tunnel running non-stop for multiple weeks on my RT-AC68U without any connectivity issue.
 

Viktor Jaep

Very Senior Member
Do not use 386.7_2 or 386.7, it will not work stable with nordvpn. Esspecially the dns is buggy when using VPN (stops working). Use 386.5_2 on the ac86u and the also the dns servers of nordvpn will just work fine.
Agreeing completely with @RMerlin ... I've been running NordVPN non-stop on both 386.7 and 386.7_2 (and waaaayyyy before these versions)... zero issues with the firmware, or with dns. I'm not sure what @Dimmie is referring to, but feel free to ignore this advice completely. He is most likely experiencing issues due to vpn client configuration problems or custom vpn config options. <sigh>
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top